Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

How to transfer FSMO roles

Posted on 2016-11-11
2
Medium Priority
?
278 Views
Last Modified: 2016-11-11
Hello:

I am preparing to transfer the FSMO Roles from 1 Windows Domain Controller to another DC.  I have reviewed the process from the following web site: https://www.petri.com/seizing_fsmo_roles  ... and I have created more specific instructions for my network (Attached).  

I unfortunately do not have a test Lab or Test Domain to practice with on and I have not transferred roles in a very long time.  Hence, I wanted to verify the steps involved.  I created a similar question earlier
 ( https://www.experts-exchange.com/questions/28977018/How-to-swap-out-existing-domain-controllers-with-2-new-domain-Controllers.html ) ; but this is a little different and specifically focused on transferring the FSMO roles.

I am particularly concerned with the process to "To Transfer the Schema Master Role:" section (page 5, #8).  Even though I received a warning I think I should be able to transfer the Schema Master Role, as documented.  Or am I wrong and I should go about it a different way?

I wanted to ask other Network Administrators who may have done this before.  Just to put my mind at ease.
Procedure-to-transfer-the-Time-setti.pdf
0
Comment
Question by:Pkafkas
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 27

Assisted Solution

by:DrDave242
DrDave242 earned 1000 total points
ID: 41884335
Even though I received a warning I think I should be able to transfer the Schema Master Role, as documented.  Or am I wrong and I should go about it a different way?

This warning is perfectly normal, because that console is connecting to a domain controller that doesn't hold the Schema Master role. When you do this, you can view the schema but can't change it. You can still transfer the role, though.
0
 
LVL 16

Accepted Solution

by:
Todd Nelson earned 1000 total points
ID: 41884350
Moving FSMO roles is essentially a non-event.

Use this article for moving Active Directory FSMO roles ... http://trunkofmemorie.blogspot.co.uk/2012/12/how-to-change-fsmo-roles-in-windows-2012.html

FYI...
You should never have to use ntdsutil to move FSMO roles unless one of your domain controllers crashed and is not receoverable--even with RODCs.

This article will help you to understand the best placement of each role ... https://support.microsoft.com/en-us/kb/223346

For transferring time services, I always use the following commands...

From an elevated PowerShell, run on PDC Emulator (First DC)...

w32tm.exe /config /manualpeerlist:”0.us.pool.ntp.org 1.us.pool.ntp.org 2.us.pool.ntp.org 3.us.pool.ntp.org” /syncfromflags:manual /reliable:YES /update
Restart-Service w32time

Open in new window



Run these commands on all other DCs...

w32tm /config /syncfromflags:domhier /update
Restart-Service w32time

Open in new window

0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
It’s time for spooky stories and consuming way too much sugar, including the many treats we’ve whipped for you in the world of tech. Check it out!
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question